Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a difference between HEC ingestion on-prem vs cloud?

danielbb
Motivator
‎12-18-2024 09:25 AM

I'm under the impression that HEC ingestion directly to the indexers is supported natively on cloud. I wonder whether the HEC ingestion on-prem to the indexers is supported in the same way?

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-18-2024 09:35 AM

Hi

I’m not sure how it has done on SCP? Probably it also depends on which experience you have on cloud or not. Maybe some splunkers can open it?

Anyhow you can do it both way in onprem. You can terminate HEC to separate HFs behind of LB or point LB to indexers. Personally I prefer to use separate HFs as that combination disturbs less indexers and searches. You must remember that when you e.g. install new props&transforms.conf to manage HEC inputs this means that those nodes will rebooted!

Here is link to SVA documentation where you can read more https://docs.splunk.com/Documentation/SVA/current/Architectures/About

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...